If a corosync node is connected to a pacemaker_remote node, the connection can be trivially killed simply by connecting to the remote on its standard TCP port (typically 3121): 2016-02-18T18:06:45.258661+00:00 d52-54-77-77-77-01 crmd[2637]: error: Unexpected pacemaker_remote client takeover. Disconnecting Takeover is allowed in order to support migration of the remote primitive from one corosync node to another, but since this is a trivial denial of service attack, it should only be allowed once a valid authkey is provided. => Upstream bug : - Bug 5269 - DoS: valid authkey should be required for takeover of a Pacemaker remote http://bugs.clusterlabs.org/show_bug.cgi?id=5269 => Upstream fix : - Fix: remote: cl#5269 - Notify other clients of a new connection only if the handshake has completed (bsc#967388) https://github.com/ClusterLabs/pacemaker/commit/5ec24a26 Resolved in upstream pacemaker 1.1.15
=> Fedora is not affected since fedora 23 and 24 are using pacemaker-1.1.15. => Resolved in RHEL6.8, pacemaker-1.1.14-8.el6, via the following bugzilla : - Bug 1312092 - crmd can crash after unexpected remote connection takeover https://bugzilla.redhat.com/show_bug.cgi?id=1312092 Corresponding errata : https://rhn.redhat.com/errata/RHBA-2016-0856.html => Planned resolution in RHEL7 via the following bugzilla : - Bug 1312094 - crmd can crash after unexpected remote connection takeover https://bugzilla.redhat.com/show_bug.cgi?id=1312094
Acknowledgments: Name: Alain Moulle (ATOS/BULL)
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:2578 https://rhn.redhat.com/errata/RHSA-2016-2578.html